Skip to content

Secret

zenml.secret special

Initialization of the ZenML Secret module.

A ZenML Secret is a grouping of key-value pairs. These are accessed and administered via the ZenML Secret Manager (a stack component).

Secrets are distinguished by having different schemas. An AWS SecretSchema, for example, has key-value pairs for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as well as an optional AWS_SESSION_TOKEN. If you don't specify a schema at the point of registration, ZenML will set the schema as ArbitrarySecretSchema, a kind of default schema where things that aren't attached to a grouping can be stored.

arbitrary_secret_schema

Implementation of a SecretSchema for arbitrary key:value pairs.

ArbitrarySecretSchema (BaseSecretSchema) pydantic-model

Schema for arbitrary collections of key value pairs with no predefined schema.

Source code in zenml/secret/arbitrary_secret_schema.py
class ArbitrarySecretSchema(BaseSecretSchema):
    """Schema for arbitrary collections of key value pairs with no predefined schema."""

    TYPE: ClassVar[str] = ARBITRARY_SECRET_SCHEMA_TYPE

    arbitrary_kv_pairs: Dict[str, Any]

    @root_validator(pre=True)
    def build_arbitrary_kv_pairs(
        cls, values: Dict[str, Any]
    ) -> Dict[str, Any]:
        """Pydantic root_validator for the Secret Schemas.

        It takes all unused passed kwargs and passes them into the
        arbitrary_kv_pairs attribute.

        Args:
            values: Values passed to the object constructor

        Returns:
            Values passed to the object constructor
        """
        all_required_field_names = {
            field.alias
            for field in cls.__fields__.values()
            if field.alias != "arbitrary_kv_pairs"
        }

        arbitrary_kv_pairs: Dict[str, Any] = {
            field_name: values.pop(field_name)
            for field_name in list(values)
            if field_name not in all_required_field_names
        }

        values["arbitrary_kv_pairs"] = arbitrary_kv_pairs
        return values
build_arbitrary_kv_pairs(values) classmethod

Pydantic root_validator for the Secret Schemas.

It takes all unused passed kwargs and passes them into the arbitrary_kv_pairs attribute.

Parameters:

Name Type Description Default
values Dict[str, Any]

Values passed to the object constructor

required

Returns:

Type Description
Dict[str, Any]

Values passed to the object constructor

Source code in zenml/secret/arbitrary_secret_schema.py
@root_validator(pre=True)
def build_arbitrary_kv_pairs(
    cls, values: Dict[str, Any]
) -> Dict[str, Any]:
    """Pydantic root_validator for the Secret Schemas.

    It takes all unused passed kwargs and passes them into the
    arbitrary_kv_pairs attribute.

    Args:
        values: Values passed to the object constructor

    Returns:
        Values passed to the object constructor
    """
    all_required_field_names = {
        field.alias
        for field in cls.__fields__.values()
        if field.alias != "arbitrary_kv_pairs"
    }

    arbitrary_kv_pairs: Dict[str, Any] = {
        field_name: values.pop(field_name)
        for field_name in list(values)
        if field_name not in all_required_field_names
    }

    values["arbitrary_kv_pairs"] = arbitrary_kv_pairs
    return values

base_secret

Implementation of the Base SecretSchema class.

BaseSecretSchema (BaseModel, ABC) pydantic-model

Base class for all Secret Schemas.

Source code in zenml/secret/base_secret.py
class BaseSecretSchema(BaseModel, ABC):
    """Base class for all Secret Schemas."""

    name: str
    TYPE: ClassVar[str]

    @property
    def content(self) -> Dict[str, Any]:
        """A dictionary for the content of the SecretSchema.

        The concept of SecretSchemas supports strongly typed secret schemas as
        well as arbitrary collections of key-value pairs. This property unifies
        all attributes into a content dictionary.

        Returns:
            A dictionary containing the content of the SecretSchema.
        """
        fields_dict = self.dict(exclude_none=True)
        fields_dict.pop("name")
        if "arbitrary_kv_pairs" in fields_dict:
            arbitrary_kv_pairs = fields_dict.pop("arbitrary_kv_pairs")
            fields_dict.update(arbitrary_kv_pairs)
        return fields_dict

    @classmethod
    def get_schema_keys(cls) -> List[str]:
        """Get all attribute keys that are not part of the ignored set.

        These schema keys can be used to define all required key-value pairs of
        a secret schema.

        Returns:
            A list of all attribute keys that are not part of the ignored set.
        """
        ignored_keys = ["name", "arbitrary_kv_pairs"]
        return [
            schema_key
            for schema_key in cls.__fields__.keys()
            if schema_key not in ignored_keys
        ]

    class Config:
        """Pydantic configuration class."""

        # validate attribute assignments
        validate_assignment = True
        # report extra attributes as validation failures
        extra = "forbid"
content: Dict[str, Any] property readonly

A dictionary for the content of the SecretSchema.

The concept of SecretSchemas supports strongly typed secret schemas as well as arbitrary collections of key-value pairs. This property unifies all attributes into a content dictionary.

Returns:

Type Description
Dict[str, Any]

A dictionary containing the content of the SecretSchema.

Config

Pydantic configuration class.

Source code in zenml/secret/base_secret.py
class Config:
    """Pydantic configuration class."""

    # validate attribute assignments
    validate_assignment = True
    # report extra attributes as validation failures
    extra = "forbid"
get_schema_keys() classmethod

Get all attribute keys that are not part of the ignored set.

These schema keys can be used to define all required key-value pairs of a secret schema.

Returns:

Type Description
List[str]

A list of all attribute keys that are not part of the ignored set.

Source code in zenml/secret/base_secret.py
@classmethod
def get_schema_keys(cls) -> List[str]:
    """Get all attribute keys that are not part of the ignored set.

    These schema keys can be used to define all required key-value pairs of
    a secret schema.

    Returns:
        A list of all attribute keys that are not part of the ignored set.
    """
    ignored_keys = ["name", "arbitrary_kv_pairs"]
    return [
        schema_key
        for schema_key in cls.__fields__.keys()
        if schema_key not in ignored_keys
    ]

schemas special

Initialization of secret schemas.

aws_secret_schema

AWS Authentication Secret Schema definition.

AWSSecretSchema (BaseSecretSchema) pydantic-model

AWS Authentication Secret Schema definition.

Source code in zenml/secret/schemas/aws_secret_schema.py
class AWSSecretSchema(BaseSecretSchema):
    """AWS Authentication Secret Schema definition."""

    TYPE: ClassVar[str] = AWS_SECRET_SCHEMA_TYPE

    aws_access_key_id: str
    aws_secret_access_key: str
    aws_session_token: Optional[str] = None

azure_secret_schema

Azure Authentication Secret Schema definition.

AzureSecretSchema (BaseSecretSchema) pydantic-model

Azure Authentication Secret Schema definition.

Source code in zenml/secret/schemas/azure_secret_schema.py
class AzureSecretSchema(BaseSecretSchema):
    """Azure Authentication Secret Schema definition."""

    TYPE: ClassVar[str] = AZURE_SECRET_SCHEMA_TYPE

    account_name: Optional[str] = None
    account_key: Optional[str] = None
    sas_token: Optional[str] = None
    connection_string: Optional[str] = None
    client_id: Optional[str] = None
    client_secret: Optional[str] = None
    tenant_id: Optional[str] = None

basic_auth_secret_schema

Basic Authentication Secret Schema definition.

BasicAuthSecretSchema (BaseSecretSchema) pydantic-model

Secret schema for basic authentication.

Attributes:

Name Type Description
username str

The username that should be used for authentication.

password str

The password that should be used for authentication.

Source code in zenml/secret/schemas/basic_auth_secret_schema.py
class BasicAuthSecretSchema(BaseSecretSchema):
    """Secret schema for basic authentication.

    Attributes:
        username: The username that should be used for authentication.
        password: The password that should be used for authentication.
    """

    username: str
    password: str

    # Class configuration
    TYPE: ClassVar[str] = BASIC_AUTH_SCHEMA_TYPE

gcp_secret_schema

GCP Authentication Secret Schema definition.

GCPSecretSchema (BaseSecretSchema) pydantic-model

GCP Authentication Secret Schema definition.

Source code in zenml/secret/schemas/gcp_secret_schema.py
class GCPSecretSchema(BaseSecretSchema):
    """GCP Authentication Secret Schema definition."""

    TYPE: ClassVar[str] = GCP_SECRET_SCHEMA_TYPE

    token: str

    def get_credential_dict(self) -> Dict[str, Any]:
        """Gets a dictionary of credentials for authenticating to GCP.

        Returns:
            A dictionary representing GCP credentials.

        Raises:
            ValueError: If the token value is not a JSON string of a dictionary.
        """
        try:
            dict_ = json.loads(self.token)
        except json.JSONDecodeError:
            raise ValueError(
                "Failed to parse GCP secret token. The token value is not a "
                "valid JSON string."
            )

        if not isinstance(dict_, Dict):
            raise ValueError(
                "Failed to parse GCP secret token. The token value does not "
                "represent a GCP credential dictionary."
            )

        return dict_
get_credential_dict(self)

Gets a dictionary of credentials for authenticating to GCP.

Returns:

Type Description
Dict[str, Any]

A dictionary representing GCP credentials.

Exceptions:

Type Description
ValueError

If the token value is not a JSON string of a dictionary.

Source code in zenml/secret/schemas/gcp_secret_schema.py
def get_credential_dict(self) -> Dict[str, Any]:
    """Gets a dictionary of credentials for authenticating to GCP.

    Returns:
        A dictionary representing GCP credentials.

    Raises:
        ValueError: If the token value is not a JSON string of a dictionary.
    """
    try:
        dict_ = json.loads(self.token)
    except json.JSONDecodeError:
        raise ValueError(
            "Failed to parse GCP secret token. The token value is not a "
            "valid JSON string."
        )

    if not isinstance(dict_, Dict):
        raise ValueError(
            "Failed to parse GCP secret token. The token value does not "
            "represent a GCP credential dictionary."
        )

    return dict_

secret_schema_class_registry

Implementation of the ZenML SecretSchema Class Registry.

SecretSchemaClassRegistry

Registry for SecretSchema classes.

All SecretSchema classes must be registered here so they can be instantiated from the component type and flavor specified inside the ZenML repository configuration.

Source code in zenml/secret/secret_schema_class_registry.py
class SecretSchemaClassRegistry:
    """Registry for SecretSchema classes.

    All SecretSchema classes must be registered here so they can be
    instantiated from the component type and flavor specified inside the
    ZenML repository configuration.
    """

    secret_schema_classes: ClassVar[Dict[str, Type[BaseSecretSchema]]] = dict()

    @classmethod
    def register_class(
        cls,
        secret: Type[BaseSecretSchema],
    ) -> None:
        """Registers a SecretSchema class.

        Args:
            secret: The SecretSchema class to register.
        """
        flavors = cls.secret_schema_classes
        if secret.TYPE in flavors:
            logger.warning(
                "Overwriting previously registered secret schema class `%s` "
                "for type '%s' and flavor '%s'.",
                flavors[secret.TYPE].__class__.__name__,
                secret.TYPE,
            )

        flavors[secret.TYPE] = secret
        logger.debug(
            "Registered secret schema class for type '%s' and flavor '%s'.",
            secret.__class__.__name__,
            secret.TYPE,
        )

    @classmethod
    def get_class(
        cls,
        secret_schema: str,
    ) -> Type[BaseSecretSchema]:
        """Returns the SecretSchema class for the given flavor.

        Args:
            secret_schema: The flavor of the SecretSchema class to return.

        Returns:
            The SecretSchema class for the given flavor.

        Raises:
            KeyError: If no SecretSchema class is registered for the given
                flavor.
        """
        available_schemas = cls.secret_schema_classes
        try:
            return available_schemas[secret_schema]
        except KeyError:
            # The SecretSchema might be part of an integration
            # -> Activate the integrations and try again
            from zenml.integrations.registry import integration_registry

            integration_registry.activate_integrations()

            try:
                return available_schemas[secret_schema]
            except KeyError:
                raise KeyError(
                    f"No SecretSchema class found for schema flavor "
                    f"`{secret_schema}`. Registered flavors are: "
                    f"{set(available_schemas)}. If your secret schema "
                    f"class is part of a ZenML integration, make "
                    f"sure the corresponding integration is installed by "
                    f"running `zenml integration install INTEGRATION_NAME`."
                ) from None
get_class(secret_schema) classmethod

Returns the SecretSchema class for the given flavor.

Parameters:

Name Type Description Default
secret_schema str

The flavor of the SecretSchema class to return.

required

Returns:

Type Description
Type[zenml.secret.base_secret.BaseSecretSchema]

The SecretSchema class for the given flavor.

Exceptions:

Type Description
KeyError

If no SecretSchema class is registered for the given flavor.

Source code in zenml/secret/secret_schema_class_registry.py
@classmethod
def get_class(
    cls,
    secret_schema: str,
) -> Type[BaseSecretSchema]:
    """Returns the SecretSchema class for the given flavor.

    Args:
        secret_schema: The flavor of the SecretSchema class to return.

    Returns:
        The SecretSchema class for the given flavor.

    Raises:
        KeyError: If no SecretSchema class is registered for the given
            flavor.
    """
    available_schemas = cls.secret_schema_classes
    try:
        return available_schemas[secret_schema]
    except KeyError:
        # The SecretSchema might be part of an integration
        # -> Activate the integrations and try again
        from zenml.integrations.registry import integration_registry

        integration_registry.activate_integrations()

        try:
            return available_schemas[secret_schema]
        except KeyError:
            raise KeyError(
                f"No SecretSchema class found for schema flavor "
                f"`{secret_schema}`. Registered flavors are: "
                f"{set(available_schemas)}. If your secret schema "
                f"class is part of a ZenML integration, make "
                f"sure the corresponding integration is installed by "
                f"running `zenml integration install INTEGRATION_NAME`."
            ) from None
register_class(secret) classmethod

Registers a SecretSchema class.

Parameters:

Name Type Description Default
secret Type[zenml.secret.base_secret.BaseSecretSchema]

The SecretSchema class to register.

required
Source code in zenml/secret/secret_schema_class_registry.py
@classmethod
def register_class(
    cls,
    secret: Type[BaseSecretSchema],
) -> None:
    """Registers a SecretSchema class.

    Args:
        secret: The SecretSchema class to register.
    """
    flavors = cls.secret_schema_classes
    if secret.TYPE in flavors:
        logger.warning(
            "Overwriting previously registered secret schema class `%s` "
            "for type '%s' and flavor '%s'.",
            flavors[secret.TYPE].__class__.__name__,
            secret.TYPE,
        )

    flavors[secret.TYPE] = secret
    logger.debug(
        "Registered secret schema class for type '%s' and flavor '%s'.",
        secret.__class__.__name__,
        secret.TYPE,
    )

register_secret_schema_class(cls)

Registers the SecretSchema class and returns it unmodified.

Parameters:

Name Type Description Default
cls Type[~C]

The SecretSchema class to register.

required

Returns:

Type Description
Type[~C]

The (unmodified) SecretSchema class to register.

Source code in zenml/secret/secret_schema_class_registry.py
def register_secret_schema_class(cls: Type[C]) -> Type[C]:
    """Registers the SecretSchema class and returns it unmodified.

    Args:
        cls: The SecretSchema class to register.

    Returns:
        The (unmodified) SecretSchema class to register.
    """
    SecretSchemaClassRegistry.register_class(secret=cls)
    return cls